Insider threats

The security sector is sometimes guilty of indulging in a bit of spin and over-hyping of stories - it's sometimes seen as a shameless attempt to sell more solutions, sometimes as a necessary evil to get Joe Public (or Joe Sys Admin) to sit up and take notice.

One recent example is the growing swell of warnings around disgruntled employees or ex-employees who may have been 'credit crunched' - and are now using access to their employer's systems and data to hit back.

It looks like a scare story, the sort of thing that appeals to editors who want to keep piling on the tales of economic woe (and along with 99% of the media industry I'm guilty as charged on that front).

But then I saw some figures. According to KPMG's E-crime survey 2009, levels of fraud committed by managers, employees and customers tripled between 2007 and 2008. This figure is expected to rise considerably.

Of course, there will always be employees with a grudge, or who betray trust, regardless of role or even motivation. Last year saw a rogue employee of the San Francisco government lock up the city's FibreWAN to keep other sys admins out. In January an ex-contractor of the Australian Northern Territory Government admitted causing $680,000 worth of damage to systems in a revenge attack. But in terms of numbers, the number of people being laid off, or facing pay freezes or cuts, can only add to the number of incidents.

A further study, by Ponemon Institute for Symantec in January, found that 59% of one thousand Americans who had left their employer within the last year admitted to stealing confidential company information. Sensitive data such as customer lists were burnt onto disc by 53% of respondents, put on a USB drive by 42% or emailed out of the company by 38% of respondents. Almost one quarter, 24% of respondents, said they were able to access company networks after leaving.

I suspect the situation in the Gulf, frankly, must be much worse. Many employees don't have a sense of job security here, so may actively take steps to save data like customer lists in advance of any trouble. Companies simply don't take adequate steps to install data loss prevention or identity management solutions, and often have no clear procedures for HR to communicate staff or status changes to IT and so on. Lack of systems also makes detecting any breach that much harder.

Reduced IT budgets make it difficult for companies to afford new systems to automatically detect and prevent the threat from rogue users, but companies should at least take steps to address the basics of identity management to protect themselves. The threats faced by businesses in difficult times don't just come from outside.